Facebook says 50 million users affected by 'security flaw'

Facebook has discovered a security flaw affecting about 50 million user accounts which could have allowed attackers to take over the accounts, the social networking company said on Friday.

Facebook has since fixed the vulnerability and informed law enforcement, it said.

Attackers stole Facebook access tokens through its "view as" feature, which they could then use to take over people's accounts. "View as" is a feature that allows users to see what their own profile looks like to someone else.

"We do not currently have any evidence that suggests these accounts have been compromised," chief executive officer Mark Zuckerberg said in a Facebook post.

Facebook has reset the access tokens of the 50 million affected accounts, it said. As a precaution, the company has reset access tokens for another 40 million accounts that have looked up through the "view as" option in the last year.

"Since we've only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed," the company said in a blog post.

Facebook has revealed that 50 million users were affected by a security flaw.

Facebook has revealed that 50 million users were affected by a security flaw.

Facebook shares fell 3 per cent to $US163.78 in afternoon trading, weighing on major Wall Street stock indexes.

About 90 million people will have to log back in to Facebook or any of their apps that use a Facebook login, the company said.

Facebook also said it was temporarily turning off the "view as" option.

The company would need to continue developing new tools to make its accounts more secure and prevent similar incidents, he added.

Facebook made headlines earlier this year after the data of 87 million users was improperly accessed by Cambridge Analytica, a political consultancy.

In 2013, Facebook disclosed a software flaw that exposed 6 million users' phone numbers and email addresses to unauthorized viewers for a year, while a technical glitch in 2008 revealed confidential birth-dates on 80 million Facebook users' profiles.

Reuters

Source: Read Full Article